update

2024-09-14 07:49:45 +02:00
parent f25197e714
commit 7a267cdc4d
22 changed files with 1026 additions and 342 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -16,8 +16,8 @@ const (
 	defaultHostname = "localhost"

 	configFilename = "certmanagerd.yaml"
-	logFilename    = "certmanager.log"
-	pidFilename    = "certmanager.pid"
+	logFilename    = "certmanagerd.log"
+	pidFilename    = "certmanagerd.pid"
 )

 var (
--- a/internal/config/path.go
+++ b/internal/config/path.go
@@ -1,8 +1,9 @@
 package config

 const (
-	confdirPath = "/usr/local/etc/certmanager"
-	rundirPath  = "/var/run/certmanager"
-	logdirPath  = "/var/log/certmanager"
-	datadirPath = "/var/data/certmanager"
+        confdirPath = "/etc/certmanager"
+        rundirPath = "/var/run/certmanager"
+        logdirPath = "/var/log/certmanager"
+        datadirPath = "/var/data/certmanager"
 )
+
--- a/internal/database/grant.go
+++ b/internal/database/grant.go
@@ -30,6 +30,17 @@ func (db *Database) ListGrantsByAccountID(ctx context.Context, accountID int64)
 	return res, err
 }

+func (db *Database) ListGrants(ctx context.Context) ([]descriptor.Grant, error) {
+	var err error
+	request := `SELECT * FROM grant`
+	res := make([]descriptor.Grant, 0)
+	err = db.db.Select(&res, request)
+	if err != nil {
+		return res, err
+	}
+	return res, err
+}
+
 func (db *Database) GetGrant(ctx context.Context, accountID int64, operation string) (bool, *descriptor.Grant, error) {
 	var err error
 	res := &descriptor.Grant{}
--- a/internal/descriptor/descriptor.go
+++ b/internal/descriptor/descriptor.go
@@ -6,6 +6,14 @@ const (
 	GrantModifyUsers    = "modifyUsers"
 )

+type Dump struct {
+	Timestamp string    `json:"timestamp" yaml:"timestamp"`
+	Issuers   []Issuer  `json:"issuers"   yaml:"issuers"`
+	Services  []Service `json:"services"  yaml:"services"`
+	Accounts  []Account `json:"accounts"  yaml:"accounts"`
+	Grants    []Grant   `json:"grants"    yaml:"grants"`
+}
+
 type Issuer struct {
 	ID         int64  `json:"id"         yaml:"id"         db:"id"`
 	Name       string `json:"name"       yaml:"name"       db:"name"`
--- a/internal/logic/issuer.go
+++ b/internal/logic/issuer.go
@@ -114,10 +114,16 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, accountID int64, params *
 		return res, err
 	}

+	encodedKey, err := cm509.EncryptAES256(createIssuerPairRes.Key, params.EncodingKey)
+	if err != nil {
+		return res, err
+	}
+
 	res.Fingerprint = fingerprint
 	res.IssuerID = issuerDescr.ID
 	res.IssuerName = createIssuerPairRes.Name
 	res.Certificate = createIssuerPairRes.Cert
+	res.EncodedKey = encodedKey
 	return res, err
 }

@@ -191,8 +197,17 @@ func (lg *Logic) GetIssuerCertificate(ctx context.Context, accountID int64, para
 	fingerprintBytes := sha256.Sum256(issuerCertObj.Raw)
 	fingerprint := fmt.Sprintf("sha256:%x", fingerprintBytes)

+	var encodedKey string
+	if params.EncodingKey != "" {
+		encodedKey, err = cm509.EncryptAES256(issuerDescr.Key, params.EncodingKey)
+		if err != nil {
+			return res, err
+		}
+	}
+
 	res.IssuerID = issuerDescr.ID
 	res.Certificate = issuerDescr.Cert
+	res.EncodedKey = encodedKey
 	res.Name = issuerDescr.Name
 	res.Revoked = issuerDescr.Revoked
 	res.Fingerprint = fingerprint
--- a/internal/test/logic_issuer_create_test.go
+++ b/internal/test/logic_issuer_create_test.go
@@ -7,12 +7,12 @@ import (
 	"testing"
 	"time"

+	"github.com/stretchr/testify/require"
 	"certmanager/internal/config"
 	"certmanager/internal/database"
 	"certmanager/internal/logic"
 	"certmanager/pkg/cm509"
 	"certmanager/pkg/cmctl"
-	"github.com/stretchr/testify/require"
 )

 func TestIssuerCreateN0(t *testing.T) {
--- a/internal/test/logic_issuer_import_test.go
+++ b/internal/test/logic_issuer_import_test.go
@@ -15,7 +15,7 @@ import (
 	"certmanager/internal/database"
 	"certmanager/internal/logic"
 	"certmanager/pkg/cm509"
-	cmapi "certmanager/pkg/cmctl"
+	"certmanager/pkg/cmctl"

 	"github.com/stretchr/testify/require"
 )
@@ -86,7 +86,7 @@ func XXXTestLogicImportIssuer(t *testing.T) {
 	}

 	{
-		importIssuerPairParams := &cmapi.ImportIssuerPairParams{
+		importIssuerPairParams := &cmctl.ImportIssuerPairParams{
 			Certificate: certString,
 			Key:         keyString,
 		}
--- a/internal/test/testchain_b00.crt
+++ b/internal/test/testchain_b00.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJjCCAg6gAwIBAgIHBh+hJEKPSTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQD
+EwZIZWxtZXQwHhcNMjQwODE0MDkxMzM4WhcNMzQwODE0MDkxMzM4WjAQMQ4wDAYD
+VQQDEwVJbnRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJY1hXk
+fDncpwLxPo1mnwo7KPiXufA6ba1MuE23q+f7L6ymwlwZqYi8BO0C+7IU94bc88nC
+plSC1ouPqo9AbuEzXW4X1zpcBIJ4rIaDj/G2i4QOuhc+VP/IT03d8WW+Z+VtCURL
+hTb42Cq2SzOehvSHOziYWZcm8vcP8Y7xsHiZDSse6UWzbGgtM/zXVOFf6Zh1lHoU
+sJosMhuNJ1pH9Vs/dEvXfViMSj4cLt49Hn0suBQMUp5IclcgAdFBzq3f4xQybB+D
+xJ0RnqGas+LUvOMKeNAUDkopGfAv9/zop7jVwh33VvlW/jN8uzACdIdSxtPWP/tA
+FVhDV6B6x7XFfIcCAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYw
+FAYIKwYBBQUHAwIGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FPqGKHUbgquKrwaVctaTY4QJDF+EMB8GA1UdIwQYMBaAFOUA8KCIWgc/zsTrX/AM
+xclvoehPMA0GCSqGSIb3DQEBCwUAA4IBAQBofJzaa35mfGEbZZe6gzewJFpdWGVm
+iC5VfeCFS/zcxNFByAYHa/1MEJO7ODu+6WQufBpURS+v6Z4G6oYj5CE5hF4RIo5E
+iRS4hCY3bf0+RO4NVK42il3XO3UzyP/QLT4NOkhd36kFTfEeUNnDu2hIWw7ruORt
+TaDbEeCcypCpy7PXUJb9OWcRc/UOuhJ3Bm4nUlJsJeKKxd0PQPHrJlKWJyXF6SIK
+mIlAUFzDpJczdCr67w0G2aOHITCrIGy8Xnsl+RSTak7FxJ7Ncl84Nw2NeO4N525W
+/PK+XxCO7xQm3vwiRBNX8Ys+Ja2m3MTkETBI0hEz/w+72z4xo0gDFSV+
+-----END CERTIFICATE-----
--- a/internal/test/testchain_b01.crt
+++ b/internal/test/testchain_b01.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAeygAwIBAgIHBh+hILboeTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQD
+EwZIZWxtZXQwHhcNMjQwODE0MDkxMjM5WhcNMzQwODE0MDkxMjM5WjARMQ8wDQYD
+VQQDEwZIZWxtZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCarFiV
+ZSfCsH9bvGN0thIlSFy5lrpJu2ocE5P+1rJAtUJDJTt2SaKrMfa4hFSBhNgP5QoX
+xNRuSA4lMXVz4eXBEUHl20QVrx0WzGkP7IPpPJw/w32EY1DGOYuxtO9wL2qUYQmq
+eOJzMM3fvLIoZKjpJZ492SgG2btVUhfgrx5U8h6JYl3ng46peBnVL3fgppLuSCiI
+OsPGWJYpv1BvFeTU9o9uaADmcDUkYWpwfBmSZzlmXda1veG7Y2GW7fVRbMqiDFHn
+0TAm6fd4Yb1GXoCgVLeCvvrVZMy5yjMLXAIXRTJ0p6NA2wrsHCiAKn3ycwCW+Ma
+SAucYh2wgmXfkdhPAgMBAAGjYTBfMA4GA1UdDwEB/wQEAwIBpjAdBgNVHSUEFjAU
+BggrBgEFBQcDAgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+5QDwoIhaBz/OxOtf8AzFyW+h6E8wDQYJKoZIhvcNAQELBQADggEBAG+e3zVQVhsN
+9UFcYpzlN0WeUejlSA/qmeJKVyhWKB7bROcQclocw8s2Fam5/CvV/AUXsxWK6+9z
+T/28geybwJRwlWnsj8RD/NiauGU3XkQKU6tBu+IuUShVH37ULljgIJVc5W0+J6IN
+qlEif9u3ByA8Q/mvybrKBiU2UfdH/B2sIsQsZfLdwN8KYQrMD5itJ6rvzFmglwvB
+PjslByKLYQOqZoScm6lh55YVFDO2t1LI/xXb2sTSgIb3ZPkKx0NLK+H0UpochXqi
+3WOhrH7SHF67PpOP/8iq/kNVdJBj8OGDfxemyC3Lb4aPlq2NFWz/VENRPrA1GS7S
+GeeeAVeQapU=
+-----END CERTIFICATE-----
--- a/internal/test/testchain_b02.crt
+++ b/internal/test/testchain_b02.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIHBh+hLIwMsDANBgkqhkiG9w0BAQsFADAQMQ4wDAYDVQQD
+EwVJbnRlcjAeFw0yNDA4MTQwOTE1NTdaFw0zNDA4MTQwOTE1NTdaMBgxFjAUBgNV
+BAMTDWh1Yi51bml4Ny5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDBRhge9hIv9fhyg6WcU9jityFUgaC3AAS+Cz9G+d1miGADwcJe+3Tk/CiyCjsj
+gmUSA0JTSqYv8TzrS4nihxAQuz8ZZh35PZpLk8G7ujJZOByTj0aNqrPYe+hWRcSv
+xmXsoxEL15v+HYyocFvfwLb1+2hTL+nbWKiRYkUnERyJL2NO0HxHQ9v3hma9ebMa
+WKrZ04qcegn4dY1YquiX+knjblSNHqqCELO96ivrA1prcbn2SCrvc+ZgFhnpIOTw
+LTybUhqF1xXqoRU9W63Xj3+2cCYAzVSflnR/PyzSdeD4GmWgysMiHzJaiAkbd3B8
+3TIKCvNtOBBN17X1uoLg9GtzAgMBAAGjgYswgYgwDgYDVR0PAQH/BAQDAgeAMB0G
+A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1Ud
+IwQYMBaAFPqGKHUbgquKrwaVctaTY4QJDF+EMCgGA1UdEQQhMB+CDWh1Yi51bml4
+Ny5vcmeCDmRuczUudW5peDcub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBwZo42/QNc
+iSrwiyWMKEtV5BzwjV9TIFku/udrsTlak/nTdZouwsQLswdJaRCqElwALoEBOylb
+2k7VGh2aBJQGFUwF4nTRpkAj9nmMPYN848N3UiFdx/htpLs3hdpbHcDa2xJML/zY
+73c5WsCOxGN99Z/qqu0wbw/NDMBLR2q1YaLbOZTrM6bmNK8lTTAjH1GpqW/Xkarm
+MQnG6xK2A5sJWjCR+SLS+oKgvGHjpr/P1hUEVEB49P0BVIRR2L3BrdQHG3qT/UN4
+E5qBzQCEFMCSqmC+k7Xnux0j1dgx8s77/ofUPUgh1CnEuCGhhugpky8wWKVeZmO6
+UYUza0cTWKDw
+-----END CERTIFICATE-----
--- a/internal/test/testchain_b02.key
+++ b/internal/test/testchain_b02.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAwUYYHvYSL/X4coOlnFPY4rchVIGgtwAEvgs/RvndZohgA8HC
+Xvt05Pwosgo7I4JlEgNCU0qmL/E860uJ4ocQELs/GWYd+T2aS5PBu7oyWTgck49G
+jaqz2HvoVkXEr8Zl7KMRC9eb/h2MqHBb38C29ftoUy/p21iokWJFJxEciS9jTtB8
+R0Pb94ZmvXmzGliq2dOKnHoJ+HWNWKrol/pJ425UjR6qghCzveor6wNaa3G59kgq
+73PmYBYZ6SDk8C08m1IahdcV6qEVPVut149/tnAmAM1Un5Z0fz8s0nXg+BploMrD
+Ih8yWogJG3dwfN0yCgrzbTgQTde19bqC4PRrcwIDAQABAoIBADhyBDFmpEElkP3A
+vOk/A6SS30US5qELfFcUadKMvsBnK8NtHxsmTSljC2+T1Vm1h1cPZJt2vbpatfPy
+B78Euwhn5zG/xRk5iIpyCK6O3o13+cCOo4hURln/NgecMKk1RCcsKJpQydoZPy8i
+QXLDkaudVQaWg7Hv3qs3DAMw2CioEFantsLVFQ5V/s7oIM9hc1TuS1hUnSRAw5yI
+30DLVolzpTrE5bZt8wink+oebqS2jpLe+qLxdCC2th1oEywWqOTfsTZXB00nBDVP
+cOZdOsRVQdWuj5rUD51YDq9jsvumalFa0zv9ntn64k2fXJDSfbR1uAVjCxqEhyS1
+WLhcJwECgYEA13eWrd/8hP9JhDz/XtTZXYnnhowATKwCw+5gZsnCcEZxxhXdcoFr
+KTf2VOgZNtnzWi/nF5lqYhjk61gIQ1OLjjAaNyt2jXebXXRHzXboHvcPvIYyPuI5
+YP7YDlUzs8lqeFrIKEHqFdEQqQm7VL+gfWoq9lsTygSguaFdoTjAB+ECgYEA5aG5
+fjnAd2YWS6v87YDn91vG/WUq3CgmSGh3Ls3PGt+QxUWGOl2U4gPpSuyggxQE1JnY
+k1ZNsFVioc4qHkQQTqi8bzrO/Vh0f9HNjBcP5x621wI5bePVvZ1MJ4nMmqc0h0BF
+NIuO5p0hnDJ0cR+jIBFNw+QJaSW/tfW2vkU3jdMCgYEAyG6yeCQ4Hu/rT1v+ohSV
+7vFtsjdhv/Dy0ZhZjMR6Xz7obz+/s9i3+qvYNbuCWQf93BNbgRRxZbeKm3JUnWyG
+EUql2FRR/98XY6Pbd0H5Q3TH6rNa4ixG+/eUvCB96+ydYj/wmaJXQtwsB1LKNFfd
+z0yHkou+qNoNOSDmnCbSW4ECgYEAh8uPylmUvAcfADkBJeKpStp3XrpJElCb8w30
+DTWgWCAFmON4cWON++qcN7afZWSdRqyEKv1KjBCyd0VYGvXdPucCKDT6209H9Z64
+kzPAL8k2Dwg9tgKaD7vJoUgYOwzOP31+b4hoRXB+w8QCoDM5YGlbN5DPD+NG7/AS
+1YpRRAkCgYEAuxo8AuM6Qwbm+E4GdhN2YJGZvNaPHl9rfjML0jZvE53zLOapPc71
+bwN+Wu6tx1DucBOYai/rw/5p/pl3RAgx6wb03Bt0hI30WWzjlv55egSpixtLlgTm
+swrhH6co+Vv1+rijWkX8sO/lgVqISBrS/vyYszJr9vpmyYZ0Q+kXl0=
+-----END RSA PRIVATE KEY-----